我有一个perl脚本,它从外部进程获取用户名和密码,然后使用Vintela进行用户身份验证。一切都很有效,直到有人强迫Vintela冲洗它的缓存。刷新缓存后,Authen :: PAM模块返回代码10,这意味着它无法找到用户名。
如果我运行" id $ username"在shell中执行命令,然后运行脚本,然后该用户的所有内容都恢复正常。或者如果用户SSH进入系统,那么Authen :: PAM可以很好地工作。
在生产服务器上,用户没有SSH进入服务器,因此在Vintela刷新后,用户无法再登录。我不想运行" id"在我验证它们之前为每个用户命令。有没有办法可以强制脚本或PAM模块查找用户然后验证它们?
脚本 -
BEGIN {
unshift(@INC, "..", "/usr/local/staf/bin", "/usr/local/staf/lib", "C:/STAF/Bin");
}
use strict;
use PLSTAF;
require Authen::PAM;
my $GlobalUserName = <STDIN>;
my $GlobalPasswd = <STDIN>;
my $result = -1;
$GlobalPasswd = STAF::RemovePrivacyDelimiters($GlobalPasswd);
my $pamHandle = Authen::PAM->new("login", $GlobalUserName, \&conversionFunction);
$result = $pamHandle->pam_authenticate();
# force the destructor execution for PAM
$pamHandle = 0;
# When $result is 0 then user has been authenticated
if ($result == 0) {
print $result;
exit $result;
}
else {
exit $result;
}
sub conversionFunction {
my @response = ();
# PAM constants
my $pamEchoOn = Authen::PAM->PAM_PROMPT_ECHO_ON();
my $pamEchoOff = Authen::PAM->PAM_PROMPT_ECHO_OFF();
my $pamSuccess = Authen::PAM->PAM_SUCCESS();
while ( @_ ) {
my $code = shift;
my $msg = shift;
my $answer = "";
if ($code == $pamEchoOn) {
$answer = $GlobalUserName;
}
if ($code == $pamEchoOff) {
$answer = $GlobalPasswd;
}
# response is always in pairs, response code and the actual answer
push(@response, $pamSuccess, $answer);
}
push(@response, $pamSuccess);
return @response;
}